National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

    Vulnerabilities Detail

CVE-2015-0235 Detail

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Source:  MITRE      Last Modified:  01/28/2015

Quick Info

CVE Dictionary Entry:
CVE-2015-0235
Original release date:
01/28/2015
Last revised:
11/09/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
10.0 HIGH
Vector:
(AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore:
10.0
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/ External Source CONFIRM http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
http://linux.oracle.com/errata/ELSA-2015-0090.html External Source CONFIRM http://linux.oracle.com/errata/ELSA-2015-0090.html
http://linux.oracle.com/errata/ELSA-2015-0092.html External Source CONFIRM http://linux.oracle.com/errata/ELSA-2015-0092.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html External Source APPLE APPLE-SA-2015-06-30-2
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html External Source APPLE APPLE-SA-2015-10-21-4
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html External Source APPLE APPLE-SA-2015-09-30-3
http://marc.info/?l=bugtraq&m=142296726407499&w=2 External Source HP HPSBGN03247
http://marc.info/?l=bugtraq&m=142721102728110&w=2 External Source HP SSRT101953
http://marc.info/?l=bugtraq&m=142722450701342&w=2 External Source HP HPSBGN03285
http://marc.info/?l=bugtraq&m=142781412222323&w=2 External Source HP SSRT101937
http://marc.info/?l=bugtraq&m=143145428124857&w=2 External Source HP HPSBMU03330
http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html External Source MISC http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html External Source MISC http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html External Source MISC http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
http://rhn.redhat.com/errata/RHSA-2015-0126.html External Source REDHAT RHSA-2015:0126
http://seclists.org/fulldisclosure/2015/Jan/111 External Source FULLDISC 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
http://seclists.org/oss-sec/2015/q1/269 External Source BUGTRAQ 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
http://seclists.org/oss-sec/2015/q1/274 Exploit External Source BUGTRAQ 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
http://secunia.com/advisories/62758 External Source SECUNIA 62758
http://secunia.com/advisories/62812 External Source SECUNIA 62812
http://secunia.com/advisories/62813 External Source SECUNIA 62813
http://secunia.com/advisories/62816 External Source SECUNIA 62816
http://secunia.com/advisories/62865 External Source SECUNIA 62865
http://secunia.com/advisories/62870 External Source SECUNIA 62870
http://secunia.com/advisories/62871 External Source SECUNIA 62871
http://secunia.com/advisories/62879 External Source SECUNIA 62879
http://secunia.com/advisories/62883 External Source SECUNIA 62883
http://support.apple.com/kb/HT204942 External Source CONFIRM http://support.apple.com/kb/HT204942
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost External Source CISCO 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://www.debian.org/security/2015/dsa-3142 External Source DEBIAN DSA-3142
http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf External Source CONFIRM http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 External Source MANDRIVA MDVSA-2015:039
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/archive/1/archive/1/534845/100/0/threaded External Source BUGTRAQ 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
http://www.securityfocus.com/bid/72325 External Source BID 72325
http://www.securityfocus.com/bid/91787 External Source BID 91787
http://www.securitytracker.com/id/1032909 External Source SECTRACK 1032909
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 External Source CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www-01.ibm.com/support/docview.wss?uid=swg21695695 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21695695
http://www-01.ibm.com/support/docview.wss?uid=swg21695774 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21695774
http://www-01.ibm.com/support/docview.wss?uid=swg21695835 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21695835
http://www-01.ibm.com/support/docview.wss?uid=swg21695860 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21695860
http://www-01.ibm.com/support/docview.wss?uid=swg21696131 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21696131
http://www-01.ibm.com/support/docview.wss?uid=swg21696243 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21696243
http://www-01.ibm.com/support/docview.wss?uid=swg21696526 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21696526
http://www-01.ibm.com/support/docview.wss?uid=swg21696600 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21696600
http://www-01.ibm.com/support/docview.wss?uid=swg21696602 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21696602
http://www-01.ibm.com/support/docview.wss?uid=swg21696618 External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21696618
https://bto.bluecoat.com/security-advisory/sa90 External Source CONFIRM https://bto.bluecoat.com/security-advisory/sa90
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability External Source MISC https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668 External Source CONFIRM https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671 External Source CONFIRM https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
https://kc.mcafee.com/corporate/index?page=content&id=SB10100 External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10100
https://security.gentoo.org/glsa/201503-04 External Source GENTOO GLSA-201503-04
https://security.netapp.com/advisory/ntap-20150127-0001/ External Source CONFIRM https://security.netapp.com/advisory/ntap-20150127-0001/
https://support.apple.com/HT205267 External Source CONFIRM https://support.apple.com/HT205267
https://support.apple.com/HT205375 External Source CONFIRM https://support.apple.com/HT205375
https://www.f-secure.com/en/web/labs_global/fsc-2015-1 External Source CONFIRM https://www.f-secure.com/en/web/labs_global/fsc-2015-1
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt External Source MISC https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
https://www.sophos.com/en-us/support/knowledgebase/121879.aspx External Source CONFIRM https://www.sophos.com/en-us/support/knowledgebase/121879.aspx

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:a:oracle:communications_applications:13.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle_pillar_axiom:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle_pillar_axiom:6.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle_pillar_axiom:6.3:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 32 change records found - show changes